CRP with UNSW

Program Analysis for Mobile Device Security

Data61 SCS, UNSW
Partners: Jingling Xue (Scientia Professor, UNSW)

Android is the dominant smartphone platform accounting 88% market share of all smartphones in the 3rd quarter of 2016 according to Stategy Analytics, with 2.8 million apps at Google Play in March 2017. Thus, Android is a growing target for mobile malware, with 1,723,265 new malware samples, i.e., 9,468 new malware samples per day in the first half of according to G Data. Cyber criminals have now found a way of smuggling ransomware and other malware onto mobile devices without any interaction by the user. Visiting a manipulated website is all it takes. According to the 2016 Threat Report from Australian Cyber Security Centre, “cybercrime remains a pervasive threat to Australia’s national interests and prosperity”, with “increased exploitation of vulnerabilities found in Adobe Flash” via compromised browsers.

For the fast-growing smartphone market, the scientific foundations for program analysis are still inadequate. As Android apps are framework-based, multi-threaded and event-driven, the complex semantics of the framework event/threading/callback model presents a major challenge to security analysis, both statically and dynamically. While a single Android app may consist of 50KLOC – 100KLOC in Java, the app must be analysed together with the underlying Android framework. As a result, each resulting app often consists of million of lines of code. Such large and complex programs cannot be handled scalably and precisely by formal verification techniques such as model checking.

In this project, we will significantly advance the state of the art in software security analysis for mobile apps. By leveraging our recent advances in pointer analysis for C, C++ and Java (published in top venues such as PLDI, ECOOP, FSE, SAS and CGO and released as open-source software), we will develop sophisticated static and dynamic analysis techniques to enable both the data and control flows of Android apps to be modelled systematically. Therefore, this project will provide a basis for almost all static and dynamic analyses for mobile software security on, for example, detecting information leaks, repackaging attacks, spoofing attacks, and privilege escalation.

In particular, we will meet the following technical objectives:

  1. Developing pointer analysis techniques for tracking malicious value flows in Android apps
  2. Developing static and dynamic analysis techniques to check if 3rd party mobile apps contain deliberately hidden malicious functionalities
  3. Developing scalable static and dynamic analysis techniques for Android apps with low false positives (by suppressing false alarms) and low false negatives (by not missing critical security flaws)

The innovations of this project are:

  1. The first pointer analysis foundation that can discover the points-to information in Android apps, by considering callbacks, Intents, ICC (inter-component communication)
  2. The first static and dynamic reflection analysis for Android apps, by applying reflection-oriented slicing techniques with automatic test case generation
  3. The first activity-based static and dynamic analysis for handling callbacks.

The successful completion of the project will

  1. advance the state of the art on security analysis for Android apps;
  2. significantly improve the safety and security of Android apps;
  3. produce open-source software on mobile security analysis
  4. develop Data61 capability in mobile security; and
  5. provide to industry a basis for new products and services.